  1. Unable to Install Certificate on Windows 7 using CertEnroll
<p>We have an existing certificate issuing application (C#, ASP.NET, JavaScript) that issues certificates to Windows XP users using XenRoll in IE. I need to extend this to support Windows Vista and Windows 7 users, also using IE.</p>
<p>For Vista and 7, Microsoft replaced the XenRoll ActiveX control with the new CertEnroll control. I've got this working in Vista SP2, but in 7 I get this error at the installation step:</p>
<blockquote>
<p>CertEnroll::CX509Enrollment::InstallResponse: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487)</p>
</blockquote>
<p>Here's a snippet of the relevant HTML &amp; JavaScript:</p>
<pre><code>&lt;object id="classFactoryObj" classid="clsid:884e2049-217d-11da-b2a4-000e7bbb2b09"&gt;&lt;/object&gt;
&lt;script type="text/javascript"&gt;
function InstallCert()
{
    try {
        var classFactory = document.getElementById("classFactoryObj");
        var objEnroll = classFactory.CreateObject("X509Enrollment.CX509Enrollment");
        var signedCert = '-----BEGIN CERTIFICATE-----' +
            'REMOVED FOR BREVITY' +
            '-----END CERTIFICATE-----';
        objEnroll.Initialize(1); // User context
        objEnroll.InstallResponse(4, signedCert, 6, ""); // AllowUntrustedRoot = 4
        alert('Certificate installed');
    }
    catch (ex) {
        alert('Unable to install certificate: ' + ex.description);
    }
}
InstallCert();
&lt;/script&gt;
</code></pre>
<p>Now, it's true that the root certificate is not trusted, but I'm calling InstallResponse with the first parameter set to 4, which is supposed to allow installation even if the root certificate is not trusted. This works as advertised in Vista, but doesn't seem to in Windows 7.</p>
<p>I tested, and it does work if the root certificate is trusted. I'm sure someone will say it, so I'll pre-empt it - having the clients trust the root certificate is not really an option for us (we want to distribute client authentication certificates to customers, as a part of authenticating them on our network).</p>
<p>Am I doing something wrong here? Has anyone else got this working in Windows 7?</p>
 
